CVE-2017-16994

MEDIUM

Linux Kernel <4.14.2 - Info Disclosure

Title source: llm

Description

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdoslinux

https://www.exploit-db.com/exploits/43178

View Code ZIP pw:eip

exploitdb WORKING POC

by anonymous · clocallinux

https://www.exploit-db.com/exploits/44303

View Code ZIP pw:eip

exploitdb WORKING POC

by anonymous · cdoslinux

https://www.exploit-db.com/exploits/44304

View Code ZIP pw:eip

nomisec WORKING POC

by jedai47 · poc

https://github.com/jedai47/CVE-2017-16994

View Code ZIP pw:eip

References (13)

[Vendor Advisory] https://usn.ubuntu.com/3617-2/

[Vendor Advisory] https://usn.ubuntu.com/3617-3/

[Vendor Advisory] https://usn.ubuntu.com/3619-1/

[Vendor Advisory] https://usn.ubuntu.com/3619-2/

[Vendor Advisory] https://usn.ubuntu.com/3632-1/

[Patch] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c

[Release Notes] http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101969

[Exploit, Issue Tracking, Patch] https://bugs.chromium.org/p/project-zero/issues/detail?id=1431

[Patch] https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c

[Vendor Advisory] https://usn.ubuntu.com/3617-1/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/43178/

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2018:0502

Scores

CVSS v3 5.5

EPSS 0.0480

EPSS Percentile 89.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

linux/linux_kernel < 4.14.2

Published Nov 27, 2017

Tracked Since Feb 18, 2026